Apple Security Advisory 2017-09-25-6

CFNetwork Proxies
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
CVE-2017-7083: Abhinav Bansal of Zscaler Inc.
Entry added September 25, 2017

CoreAudio
Available for: Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed by updating to Opus version 1.1.4.
CVE-2017-0381: V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro
Entry added September 25, 2017

libc
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to cause a denial-of-service
Description: A resource exhaustion issue in glob() was addressed through an improved algorithm.
CVE-2017-7086: Russ Cox of Google
Entry added September 25, 2017

libc
Available for: Apple TV (4th generation)
Impact: An application may be able to cause a denial of service
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2017-1000373
Entry added September 25, 2017

SQLite
Available for: Apple TV (4th generation)
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating to version 3.19.3.
CVE-2017-10989: found by OSS-Fuzz
CVE-2017-7128: found by OSS-Fuzz
CVE-2017-7129: found by OSS-Fuzz
CVE-2017-7130: found by OSS-Fuzz
Entry added September 25, 2017

SQLite
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-7127: an anonymous researcher
Entry added September 25, 2017

WebKit
Available for: Apple TV (4th generation)
Impact: Cookies belonging to one origin may be sent to another origin
Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes.
CVE-2017-7090: Apple
Entry added September 25, 2017